Hearing device system, devices and method of creating a trusted bond between a hearing device and a user application

ABSTRACT

Methods and devices are disclosed. A method, performed in a user application, of creating a trusted bond between a hearing device and the user application is disclosed, wherein the method comprises obtaining first authentication material; transmitting a first authentication request comprising a first authentication type identifier and first authentication data to the hearing device; receiving an authentication response comprising an authentication key identifier; storing an authentication key and the authentication key identifier, wherein the authentication key is based on the first authentication material; and connecting the user application to the hearing device using the authentication key and the authentication key identifier.

RELATED APPLICATION DATA

This application claims priority to, and the benefit of, European PatentApplication No. 16202918.5, filed on Dec. 8, 2016. The entire disclosureof the above application is expressly incorporated by reference herein.

FIELD

The present disclosure relates to a hearing device system comprising ahearing device and a user accessory device. In particular, the presentdisclosure relates to methods and devices for creating a trusted bondbetween entities of a hearing device system.

BACKGROUND

Wireless communication to and from different entities of a hearingdevice system has been increasing in continuation of the developmentswithin wireless communication technology. However, the new technologiesentail new challenges for the hearing aid manufacturers in order tosecure communication in a hearing device system. Wireless communicationinterfaces of a hearing device system desirably use an openstandard-based interface. However, this poses many challenges in termsof security.

SUMMARY

There is a need for apparatus, devices and methods for providing easy,efficient, and secure pairing of a user application and a hearingdevice.

Accordingly, a method, performed in a user application, of creating atrusted bond between a hearing device and the user application isdisclosed, wherein the method comprises: obtaining first authenticationmaterial; transmitting a first authentication request comprising a firstauthentication type identifier and/or first authentication data to thehearing device; receiving an authentication response comprising anauthentication key identifier; storing an authentication key and theauthentication key identifier, wherein the authentication key isoptionally based on the first authentication material; and connectingthe user application to the hearing device using the authentication keyand the authentication key identifier.

Further, a method, performed in a hearing device, of creating a trustedbond between the hearing device and a user application is disclosed,wherein the method comprises: optionally transmitting security data ofthe hearing device, wherein the security data are indicative of anauthentication type applied in the hearing device; transmitting firstauthentication material; receiving a first authentication requestcomprising a first authentication type identifier and/or firstauthentication data; verifying the first authentication data; anddetermining and storing an authentication key if verifying the firstauthentication data is successful.

Also, a user application configured to perform methods performed in auser application described herein is provided. A hearing deviceconfigured to perform methods performed in a hearing device describedherein is provided.

A user application for a user accessory device of a hearing devicesystem comprising a hearing device is provided, the user accessorydevice comprising a processing unit; a memory unit; and an interface,wherein the user application when running on the user accessory deviceis configured to: obtain first authentication material; transmit a firstauthentication request comprising a first authentication type identifierand/or first authentication data to the hearing device; receive anauthentication response comprising an authentication key identifier;store an authentication key and the authentication key identifier,wherein the authentication key is based on the first authenticationmaterial; and connect the user application to the hearing device usingthe authentication key and the authentication key identifier.

Even further, a hearing device is provided, the hearing devicecomprising: a processing unit; a memory unit; and an interface, whereinthe hearing device is configured to: transmit first authenticationmaterial; receive a first authentication request comprising a firstauthentication type identifier and/or first authentication data; verifythe first authentication data; and determine and store an authenticationkey if verifying the first authentication data is successful.

It is an important advantage of the present disclosure that a secure andeasy pairing between a user application and a hearing device isprovided, at least after an initial pairing. Further, the presentdisclosure allows for a plurality of ways to authenticate a userapplication towards a hearing device, in turn providing increased designfreedom for a dispenser.

The present methods, applications and devices enables a dispenser, thehearing device manufacturer and even the hearing device user to select asuitable initial method of pairing or creating a trusted bond from aplurality of ways to creating a trusted bond between a hearing deviceand a user application.

It is an important advantage that the authentication key is nottransmitted between the user application and the hearing device, whichincreases the security level in hearing device system communication.

A method of establishing a connection with a hearing device, includes:obtaining first authentication material; transmitting a firstauthentication request comprising a first authentication type identifierand first authentication data to the hearing device; receiving anauthentication response comprising an authentication key identifier;storing an authentication key and the authentication key identifier,wherein the authentication key is based on the first authenticationmaterial; and establishing a connection with the hearing device usingthe authentication key and the authentication key identifier.

Optionally, the first authentication material comprises a hearing deviceidentifier and a first hearing device challenge value.

Optionally, the method further includes determining a first commonsecret based on the first authentication material.

Optionally, the method further includes determining an applicationsession key, and calculating the first authentication data based on theapplication session key.

Optionally, the method further includes verifying the authenticationresponse; wherein the act of storing the authentication key and theauthentication key identifier and/or the act of establishing theconnection with the hearing device using the authentication key and theauthentication key identifier, is performed if the act of verifying theauthentication response results in a successful verification.

Optionally, the method further includes calculating the authenticationkey based on the first authentication material.

Optionally, the method further includes obtaining security data from thehearing device, and wherein the first authentication type identifier isbased on the security data.

Optionally, if the security data is indicative of a primaryauthentication type, the method further comprises: receiving anauthentication accept message; obtaining second authentication materialcomprising a hearing device challenge value; determining secondauthentication data based on the second authentication material; andtransmitting a second authentication request comprising a secondauthentication type identifier and the second authentication data to thehearing device.

Optionally, if the security data is indicative of a secondaryauthentication type, the method further comprises obtaining a passcode,and creating the first authentication request based on the passcode.

Optionally, the method further includes obtaining a public key of thehearing device, and wherein the authentication key is based on thepublic key of the hearing device.

A method performed by a hearing device includes: transmitting securitydata of the hearing device, wherein the security data is indicative ofan authentication type applied in the hearing device; transmitting firstauthentication material; receiving a first authentication requestcomprising a first authentication type identifier and firstauthentication data; verifying the first authentication data; anddetermining and storing an authentication key if the firstauthentication data is successfully verified.

Optionally, if the security data is indicative of a primaryauthentication type and if the first authentication data is successfullyverified, the method further comprises: transmitting an authenticationaccept message; transmitting second authentication material comprising asecond hearing device challenge value; receiving a second authenticationrequest comprising a second authentication type identifier and secondauthentication data; verifying the second authentication data; andtransmitting an authentication response comprising an authentication keyidentifier indicative of the authentication key in the hearing device ifthe second authentication data is successfully verified.

Optionally, the method further includes: starting a timer if the firstauthentication data is successfully verified; and deleting oroverwriting the authentication key if the timer reaches a timerthreshold.

Optionally, if the security data is indicative of a secondaryauthentication type, the method further comprises: retrieving apasscode; wherein the first authentication data is verified based on thepasscode.

A program product includes a set of instructions, an execution of whichby a processing unit of a user accessory device will cause the useraccessory device to perform a method, the method comprising: obtainingfirst authentication material; transmitting a first authenticationrequest comprising a first authentication type identifier and firstauthentication data to a hearing device; receiving an authenticationresponse comprising an authentication key identifier; storing anauthentication key and the authentication key identifier, wherein theauthentication key is based on the first authentication material; andestablishing a connection with the hearing device using theauthentication key and the authentication key identifier.

A hearing device includes: a processing unit; and a memory unit coupledto the processing unit; wherein the processing unit of the hearingdevice is configured to: transmit first authentication material; receivea first authentication request comprising a first authentication typeidentifier and first authentication data; verify the firstauthentication data; and determine and store an authentication key ifthe first authentication data is successfully verified.

BRIEF DESCRIPTION OF THE DRAWINGS

The above and other features and advantages will become readily apparentto those skilled in the art by the following detailed description ofexemplary embodiments thereof with reference to the attached drawings,in which:

FIG. 1 schematically illustrates a hearing system,

FIG. 2 shows an exemplary signaling diagram of signaling between a userapplication and a hearing device,

FIG. 3 shows an exemplary signaling diagram of signaling between a userapplication and a hearing device,

FIG. 4 is a flow diagram of an exemplary method,

FIG. 5 is a flow diagram of an exemplary method,

FIG. 6 is a flow diagram of an exemplary method,

FIG. 7 is a flow diagram of an exemplary method,

FIG. 8. is a flow diagram of an exemplary method, and

FIG. 9 schematically illustrates an exemplary hearing device.

DETAILED DESCRIPTION

Various exemplary embodiments and details are described hereinafter,with reference to the figures when relevant. It should be noted that thefigures may or may not be drawn to scale and that elements of similarstructures or functions are represented by like reference numeralsthroughout the figures. It should also be noted that the figures areonly intended to facilitate the description of the embodiments. They arenot intended as an exhaustive description of the invention or as alimitation on the scope of the invention. In addition, an illustratedembodiment needs not have all the aspects or advantages shown. An aspector an advantage described in conjunction with a particular embodiment isnot necessarily limited to that embodiment and can be practiced in anyother embodiments even if not so illustrated, or if not so explicitlydescribed.

The present disclosure relates to improved security in hearing systemcommunication, and in particular for communication between a useraccessory device having a user application installed thereon and ahearing device. The present disclosure relates to effective hearingsystem communication that is robust against replay attacks, unauthorizedaccess, battery exhaustion attacks, and man-in-the-middle attacks.

The present method is intended for use in an initial authentication whena user application for the first time wants to create a connection to ahearing device. It is an important advantage that subsequent pairing issecure and efficient, e.g. can be performed without user interaction.

As used herein the term “identifier” refers to a piece of data that isused for identifying, such as for categorizing, and/or uniquelyidentifying. The identifier may be in a form of a word, a number, aletter, a symbol, a list, an array, or any combination thereof. Forexample, the identifier as a number may be in the form of an integer,such as unsigned integer, uint, with a length of e.g. 8 bits, 16 bits,32 bits, or more, such as an array of unsigned integers. An identifiermay have a length of several bytes. For example, a hearing deviceidentifier may have a length of 20 bytes.

As used herein static string may be a string of characters, such as from4 to 16 characters.

The hashing function HASH used herein may be any suitable hashingfunction, such as SHA-1, SHA-2, SHA-3, MD5 or other hashing functions.

The user accessory device comprises a memory unit and an interfacerespectively connected to a processing unit. The memory unit may includeremovable and non-removable data storage units including, but notlimited to, Read Only Memory (ROM), Random Access Memory (RAM), etc. Thememory unit has a user application stored thereon. The interfacecomprises an antenna and a wireless transceiver, e.g. configured forwireless communication at frequencies in the range from 2.4 to 2.5 GHz.The interface may be configured for communication, such as wirelesscommunication, with the hearing device comprising an antenna and awireless transceiver.

The present disclosure relates to easy and secure pairing between a useraccessory device and a hearing device. The user accessory device formsan accessory device to the hearing device. The hearing device may be ahearing aid, e.g. of the behind-the-ear (BTE) type, in-the-ear (ITE)type, in-the-canal (ITC) type, receiver-in-canal (RIC) type orreceiver-in-the-ear (RITE) type. Typically, the hearing device and theuser accessory device is in possession of and controlled by the hearingdevice user.

The methods and devices create a trusted bond between a hearing deviceand the user application, thus reducing the complexity of subsequentauthentication procedure between the user application and the hearingdevice.

The method performed in a user application comprises obtaining firstauthentication material. In one or more exemplary methods, obtainingfirst authentication material may comprise receiving firstauthentication material from a hearing device, e.g. in response to theuser application transmitting a read message to the hearing device. Thefirst authentication material may comprise a hearing device identifierand/or a first hearing device challenge value.

The method performed in a user application may comprise determining thefirst authentication data based on the first authentication material.The method performed in a user application may comprise determining afirst common secret based on the first authentication material. Thefirst common secret may be based on application key material. The firstauthentication data may be based on the first common secret.

The method performed in a user application comprises transmitting afirst authentication request comprising a first authentication typeidentifier and/or first authentication data to the hearing device. Thefirst authentication type identifier is indicative of the type ofauthentication used in the present authentication. Use of a firstauthentication type identifier facilitates the use of different initialauthentication schemes, e.g. as determined by the hearing device.

The method performed in a user application comprises receiving anauthentication response comprising an authentication key identifier. Theauthentication response may comprise hearing device authentication data.The authentication response may comprise an authentication statusidentifier indicative of the authentication status. The method performedin a user application may comprise verifying the authenticationresponse, e.g. by verifying the hearing device authentication dataand/or the authentication status identifier. Verifying the hearingdevice authentication data may comprise determining a hearing devicesession key, e.g. based on the first common secret and/or a staticstring, and verifying the hearing device authentication data based onthe hearing device session key.

The hearing device session key HD_SK may be given as:

-   -   HD_SK=HASH(CS_1, HD_SK_STRING),    -   wherein HASH is a hashing function, CS_1 is the first common        secret and HD_SK_STRING is a static string.

The method performed in a user application comprises storing anauthentication key and the authentication key identifier, wherein theauthentication key is based on the first authentication material,optionally if verifying the hearing device authentication data issuccessful.

The method performed in a user application may comprise verifying theauthentication response. One or more of the acts of storingauthentication key and authentication key identifier and/or connectingthe user application to the hearing device using the authentication keyand the authentication key identifier may be performed if verifying theauthentication response is successful.

Also, the method performed in a user application comprises connectingthe user application to the hearing device using the authentication keyand the authentication key identifier, optionally if verifying thehearing device authentication data/authentication response issuccessful. Connecting the user application to the hearing device maycomprise transmitting a first authentication request comprising theauthentication key identifier, first authentication data based on thestored authentication key as keying material stored in the userapplication, and optionally a first authentication type identifierindicative of a tertiary authentication type.

The first authentication data may be based on the first common secret.The method performed in a user application may comprise, e.g. as part ofdetermining the first authentication data, determining an applicationsession key, e.g. based on the first common secret and/or a staticstring, and calculating the first authentication data based on theapplication session key.

The first common secret CS_1 may, e.g. if first authentication typeidentifier is indicative of primary authentication type, be given as:

-   -   CS_1=HASH(HD_KEY, HD_CHALLENGE_1),    -   wherein HASH is a hashing function, HD_KEY is a hearing device        key, e.g. based on the hearing device identifier, and        HD_CHALLENGE_1 is the first hearing device challenge value.

The hearing device key HD_KEY may be given as:

-   -   HD_KEY=HASH(HD_ID, APP_KEY),    -   wherein HASH is a hashing function, HD_ID is the hearing device        identifier, and APP_KEY is keying material stored in the user        application. The hearing device key is also found or stored in        the hearing device, thus enabling the hearing device to        calculate the first common secret.

The application session key APP_SK may be given as:

-   -   APP_SK=HASH(CS_1, APP_SK_STRING),    -   wherein HASH is a hashing function, CS_1 is the first common        secret and APP_SK_STRING is a static string.

APP_SK_STRING may be different from or the same as HD_SK_STRING. Thus,application session key and hearing device session key may be the sameor different keys.

The first authentication data AD_1 may be given as:

-   -   AD_1=AES_COUNTER(APP_SK, APP_S_STRING),    -   wherein AES_COUNTER is encryption with AES in counter mode,        APP_SK is the application session key and APP_S_STRING is a        static string. Thus, the first authentication data may be        generated by encrypting a static string with the application        session key based on the first common secret.

The first authentication data AD_1 may be generated by applying ahashing function to the application session key and/or a static string.

The method performed in a user application may comprise determining orcalculating the authentication key based on the first authenticationmaterial. The authentication key may be based on the first commonsecret.

The authentication key AUTH_KEY may be given as:

-   -   AUTH_KEY=HASH(CS_1, AUTH_KEY_STRING),    -   wherein HASH is a hashing function, CS_1 is the first common        secret and AUTH_KEY_STRING is a static string.

The method performed in a user application may comprise obtainingsecurity data from the hearing device. The first authentication typeidentifier may be based on the security data. Thereby is allowed a userapplication and a hearing device to apply different types ofauthentication, e.g. as selected during fitting of the hearing device.The security data from the hearing device may comprise a type identifierindicative of the authentication to be applied in the userapplication/accepted by the hearing device. The security data maycomprise a keying material identifier enabling the user application toverify if the user application supports communication to the hearingdevice.

The security data may be indicative of a primary authentication type.The method performed in a user application may comprise optionallyreceiving an authentication accept message; obtaining secondauthentication material, e.g. comprising a second hearing devicechallenge value and/or the hearing device identifier, optionally inresponse to receiving the authentication accept message; determiningsecond authentication data based on the second authentication material;and transmitting a second authentication request comprising a secondauthentication type identifier and/or the second authentication data tothe hearing device, optionally if the security data are indicative of aprimary authentication type. The method performed in a user applicationmay, optionally if the security data are indicative of a primaryauthentication type, comprise performing a primary authenticationscheme.

The second authentication data may be based on a second common secret.The method performed in a user application may comprise, e.g. as part ofdetermining the second authentication data, determining a secondaryapplication session key, e.g. based on the second common secret and/or astatic string, and calculating the second authentication data based onthe application session key.

The second authentication data AD_2 may be given as:

-   -   AD_2=AES_COUNTER(APP_SK_2, APP_S_STRING),    -   wherein AES_COUNTER is encryption with AES in counter mode,        APP_SK_2 is a secondary application session key and APP_S_STRING        is a static string. Thus, the second authentication data may be        generated by an encrypting a static string with a secondary        application session key, e.g. based on a second common secret.

The second authentication data AD_2 may be generated by applying ahashing function to the secondary application session key and/or astatic string.

The second common secret CS_2 may be given as:

-   -   CS_2=HASH(HD_KEY, HD_CHALLENGE_2),    -   wherein HASH is a hashing function, HD_KEY is the hearing device        key, e.g. based on the hearing device identifier, and        HD_CHALLENGE_2 is the second hearing device challenge value.

The secondary application session key APP_SK_2 may be given as:

-   -   APP_SK_2=HASH(CS_2, APP_SK_STRING),    -   wherein HASH is a hashing function, CS_2 is the second common        secret and APP_SK_STRING is a static string.

Verifying the hearing device authentication data may comprisedetermining a secondary hearing device session key, e.g. based on thesecond common secret and/or a static string, and verifying the hearingdevice authentication data based on the secondary hearing device sessionkey.

A secondary hearing device session key HD_SK_2 may be given as:

-   -   HD_SK_2=HASH(CS_2, HD_SK_STRING),    -   wherein HASH is a hashing function, CS_2 is the second common        secret and HD_SK_STRING is a static string.

The security data may be indicative of a secondary authentication type.The method performed in a user application may, optionally if thesecurity data are indicative of a secondary authentication type,comprise performing a second authentication scheme different from thefirst authentication scheme. The method performed in a user applicationmay, optionally if the security data are indicative of a secondaryauthentication type, comprise obtaining a passcode from a user of theuser application and creating the first authentication request, e.g.first authentication data, based on the passcode. Obtaining a passcodefrom a user of the user application may comprise receiving the passcodevia a user interface of a user accessory device running the userapplication. The authentication key may be based on the passcode.

The first common secret CS_1 may, e.g. if first authentication typeidentifier is indicative of secondary authentication type, be given as:

-   -   CS_1=HASH(HASH(HD_KEY, HD_CHALLENGE_1), PASSCODE_INFO),    -   wherein HASH is a hashing function, HD_KEY is a hearing device        key, e.g. based on the hearing device identifier, HD_CHALLENGE_1        is the first hearing device challenge value, and PASSCODE_INFO        is based on the passcode entered by the user. The passcode info        PASSCODE_INFO may be given as:    -   PASSCODE_INFO=HASH(HD_ID, PASSCODE_STR),    -   wherein HASH is a hashing function, HD_ID is the hearing device        identifier, and PASSCODE_STR is a string of characters with the        passcode entered by the user.

The method performed in a user application may comprise obtaining apublic key of the hearing device. The authentication key and/or thefirst authentication data may be based on the public key of the hearingdevice. The first common secret may be based on the public key of thehearing device. The public key of the hearing device may be aDiffie-Hellman public key. The method performed in a user applicationmay comprise transmitting a public key of the user application to thehearing device. The first common secret may be based on the public keyof the hearing device and the public key of the user application. Basingthe first authentication data on public keys of the hearing device andthe user application may protect the passcode.

The first common secret CS_1 may, e.g. if first authentication typeidentifier is indicative of primary authentication type, be given as:

-   -   CS_1=HASH(HASH(HD_KEY, HD_CHALLENGE_1), DH_SECRET),    -   wherein HASH is a hashing function, HD_KEY is a hearing device        key, e.g. based on the hearing device identifier, HD_CHALLENGE_1        is the first hearing device challenge value, and DH_SECRET is        the common secret of the Diffie-Hellman algorithm derived from        the public keys of the hearing device and the user application.

The second common secret CS_2 may, e.g. if first authentication typeidentifier is indicative of primary authentication type, be given as:

-   -   CS_2=HASH(HASH(HD_KEY, HD_CHALLENGE_2), AUTH_KEY),    -   wherein HASH is a hashing function, HD_CHALLENGE_2 is the second        hearing device challenge value, and AUTH_KEY is the        authentication key stored in the temporary memory and given as:    -   AUTH_KEY=HASH(CS_1, AUTH_KEY_STRING).

The first common secret CS_1 may, e.g. if first authentication typeidentifier is indicative of secondary authentication type, be given as:

-   -   CS_1=HASH(HASH(HASH(HD_KEY, HD_CHALLENGE_1), PASSCODE_INFO),        DH_SECRET)    -   wherein HASH is a hashing function, HD_KEY is a hearing device        key, e.g. based on the hearing device identifier, HD_CHALLENGE_1        is the first hearing device challenge value, PASSCODE_INFO is        based on the passcode entered by the user, and DH_SECRET is the        common secret of the Diffie-Hellman algorithm derived from the        public keys of the hearing device and the user application. The        passcode info PASSCODE_INFO may be given as:    -   PASSCODE_INFO=HASH(HD_ID, PASSCODE_STR),    -   wherein HASH is a hashing function, HD_ID is the hearing device        identifier, and PASSCODE_STR is a string of characters with the        passcode entered by the user.

The present disclosure also provides a method, performed in a hearingdevice, of creating a trusted bond between the hearing device and a userapplication.

The method performed in a hearing device may comprise transmittingsecurity data of the hearing device, wherein the security data areoptionally indicative of an authentication type applied in the hearingdevice.

The method performed in a hearing device may comprise connecting theuser application to the hearing device using the authentication key andthe authentication key identifier.

The method performed in a hearing device comprises transmitting firstauthentication material. The first authentication material may comprisea hearing device identifier and/or a first hearing device challengevalue. The method performed in a hearing device may comprise retrievingthe hearing device identifier from a memory unit and/or generating thefirst hearing device challenge value, e.g. as a random or pseudo-randomvalue. The method performed in a hearing device may comprise storing thefirst hearing device challenge value in the hearing device.

The method performed in a hearing device comprises receiving a firstauthentication request comprising a first authentication type identifierand/or first authentication data. The first authentication typeidentifier is indicative of which type of authentication is being usedby the user application.

The method performed in a hearing device comprises verifying the firstauthentication data. Verifying the first authentication data in thehearing device may be based on the first authentication material, e.g.hearing device identifier and/or first hearing device challenge value.

The method performed in a hearing device comprises determining andstoring an authentication key, e.g. in a temporary memory and/or inauthentication key storage in memory unit of the hearing device, ifverifying the first authentication data is successful.

The security data may be indicative of a primary authentication type.The method performed in a hearing device may, if the security data isindicative of a primary authentication type and/or verifying the firstauthentication data is successful, comprise transmitting anauthentication accept message; transmitting second authenticationmaterial comprising a second hearing device challenge value, optionallyin response to receiving a read message from the user application; andreceiving a second authentication request comprising a secondauthentication type identifier and/or second authentication data.

The method performed in a hearing device may comprise verifying thesecond authentication data and transmitting an authentication responsecomprising an authentication key identifier indicative of anauthentication key in the hearing device, optionally if verifying thesecond authentication data is successful. Verifying the secondauthentication data in the hearing device may be based on the secondauthentication material, e.g. hearing device identifier and/or secondhearing device challenge value.

The authentication response may comprise hearing device authenticationdata. The method performed in a hearing device may comprise determiningthe hearing device authentication data based on a common secret, such asfirst common secret and/or second common secret depending onauthentication type.

The hearing device authentication data HD_AD may be given as:

-   -   HD_AD=AES_COUNTER(HD_SK, HD_S_STRING),    -   wherein AES_COUNTER is encryption with AES in counter mode,        HD_SK is the hearing device session key and HD_S_STRING is a        static string. Thus, the hearing device authentication data may        be generated by encrypting a static string with the hearing        device session key based on the first common secret.

The hearing device authentication data HD_AD may be given as:

-   -   HD_AD=AES_COUNTER(HD_SK_2, HD_S_STRING),    -   wherein AES_COUNTER is encryption with AES in counter mode,        HD_SK_2 is the secondary hearing device session key and        HD_S_STRING is a static string. Thus, the hearing device        authentication data may be generated by encrypting a static        string with the secondary hearing device session key based on        the second common secret.

The hearing device authentication data may be generated by applying ahashing function to the hearing device session key, the secondaryhearing device session key, and/or a static string.

The method performed in a hearing device may comprise storing theauthentication key in authentication key storage in memory unit of thehearing device, optionally if verifying the first or secondauthentication data is successful. The authentication key storage maycomprise or have room for a plurality of authentication keys used by thehearing device for authenticating communication with different userapplications or other entities. Each authentication key stored in theauthentication key storage has a corresponding authentication keyidentifier.

The method performed in a hearing device may comprise starting a timerif verifying the first authentication data is successful. The methodperformed in a hearing device may comprise deleting or overwriting theauthentication key, e.g. in the temporary memory, if the timer reaches atimer threshold. The method performed in a hearing device may comprisestopping and/or resetting the timer, optionally in response to asuccessful verification of the second authentication data. The methodperformed in a hearing device may comprise stopping and/or resetting thetimer in response to receiving a read message from the user applicationor in response to receiving the second authentication request from theuser application.

The method performed in a hearing device may comprise deleting oroverwriting the authentication key, e.g. in the temporary memory, ifverifying the second authentication data fails.

The security data may be indicative of a secondary authentication type.The method performed in a hearing device may, optionally if the securitydata are indicative of a secondary authentication type, compriseretrieving a passcode, e.g. from the memory unit of the hearing device;verifying the first authentication data based on the passcode; andtransmitting an authentication response comprising an authentication keyidentifier indicative of an authentication key in the hearing device, ifverifying the first authentication data is successful. The methodperformed in a hearing device may, e.g. if the security data areindicative of a secondary authentication type, comprise determining andstoring the authentication key, e.g. in authentication key storage in amemory unit of the hearing device, e.g. if verifying the firstauthentication data is successful.

The method performed in a hearing device may comprise connecting theuser application to the hearing device using the authentication key andthe authentication key identifier. Connecting the user application tothe hearing device may comprise receiving a first authentication requestcomprising the authentication key identifier and optionally a firstauthentication type identifier indicative of a tertiary authenticationtype.

Features described in relation to the method performed in a userapplication may also be applied in the method performed in a hearingdevice. In particular, calculation of common secrets for verification ofauthentication data are preferably performed the same way in both thehearing device and the user application.

The present disclosure also relates to a user application for a useraccessory device. The user accessory device may be a smartphone, asmartwatch or a tablet computer. The user application is, when installedon the user accessory device, configured to create a trusted bondbetween a hearing device and the user application.

The present methods and devices enables simple and secure connectionsbetween a hearing device and a user application after an initialcreation of a trusted bond as disclosed herein. Accordingly,processing-heavy authentication procedures may be avoided or at leastheavily reduced after the trusted bond has been created.

Namely, the methods, user applications and hearing devices disclosedherein enable hearing system communication that is robust againstsecurity threats, vulnerabilities and attacks by implementingappropriate safeguards and countermeasures, such as security mechanisms,to protect against threats and attacks.

Throughout, the same reference numerals are used for identical orcorresponding parts.

FIG. 1 shows an exemplary hearing system. The hearing system 2 comprisesa server device 4 and a hearing device system 6 comprising a hearingdevice 8 and a user accessory device 10. The user accessory device 10may be a smartphone configured to wirelessly communicate with thehearing device 8. A user application 12 is installed on the useraccessory device 10. The user application may be for controlling thehearing device 8 and/or assisting a hearing device user. In one or moreexemplary user applications, the user application 12 is configured totransfer firmware and/or hearing device settings to the hearing device.In one or more exemplary user applications, the user application 12 isconfigured to control operating parameters, such as volume, program,etc., of the hearing device

The hearing device 8 may be configured to compensate for hearing loss ofa user of the hearing device 8. The hearing device 8 is configured toconfigured to communicate with the user accessory device 10/userapplication 12, e.g. using a wireless and/or wired first communicationlink 20. The first communication link 20 may be a single hopcommunication link or a multi-hop communication link. The firstcommunication link 20 may be carried over a short-range communicationsystem, such as Bluetooth, Bluetooth low energy, IEEE 802.11 and/orZigBee.

The hearing device 8 comprises an interface including an antenna 24 anda radio transceiver 26 coupled to the antenna 24 forreceiving/transmitting wireless communication including firstcommunication link 20. The hearing device 8 comprises a set ofmicrophones comprising a first microphone 28 and optionally a secondmicrophone 30 for provision of respective first and second microphoneinput signals. The hearing device 8 may be a single-microphone hearingdevice. The hearing device 8 comprises a memory unit (not shown)connected to the processing unit 32. The hearing device 8 comprises aprocessing unit 32 connected to the transceiver 26 and microphones 28,30 for receiving and processing input signals. The processing unit 32 isconfigured to compensate for a hearing loss of a user based on hearingdevice settings and to provide an electrical output signal based on theinput signals. A receiver 34 converts the electrical output signal to anaudio output signal to be directed towards an eardrum of the hearingdevice user.

The user accessory device 10 comprises a processing unit 36, a memoryunit 38, an interface 40. The user application 12 is installed in thememory unit 38 of the user accessory device 10 and, when running on theuser accessory device, configured to obtain first authenticationmaterial, e.g. with obtain module 202 a; transmit a first authenticationrequest comprising a first authentication type identifier and firstauthentication data to the hearing device, e.g. with transmit module 204a; receive an authentication response comprising an authentication keyidentifier, e.g. with receive module 206 a; store an authentication keyand the authentication key identifier, e.g. with storing module 208 a,wherein the authentication key is based on the first authenticationmaterial; and connect the user application to the hearing device usingthe authentication key and the authentication key identifier, e.g. withconnecting module 210 a. The connecting module 210 a may also be usedfor connecting with the server device, e.g. in via second communicationlink 22.

FIG. 2 shows an exemplary signaling diagram 100 between a userapplication 12 and a hearing device 8 illustrating exemplary methods ofcreating a trusted bond between a hearing device and a user applicationaccording to a primary authentication type.

The user application 12 obtains first authentication material includinga hearing device identifier HD_ID and a first hearing device challengevalue HD_CHALLENGE_1 by transmitting a read message 102 to the hearingdevice. The hearing device generates the first hearing device challengevalue, stores the first hearing device challenge value in the memoryunit of the hearing device, and transmits the first authenticationmaterial 104 to the user application in a read response message 106 inresponse to receiving the read message from the user application.

Further, the user application and the hearing device exchange publickeys for the Diffie-Hellmann algorithm by key exchange signalling 107.In the primary authentication type, the key exchange signalling may beomitted.

The user application 12 determines first authentication data AD_1 andtransmits a first authentication type identifier AUT_T_ID and the firstauthentication data AD_1 to the hearing device in a first authenticationrequest 108. The first authentication type identifier AUT_T_ID is infirst authentication request 108 indicative of a first message in aprimary authentication type. The first authentication data AD_1 aregiven by:

-   -   AD_1=AES_COUNTER(APP_SK, APP_S_STRING),    -   wherein AES_COUNTER is encryption with AES in counter mode and        APP_S_STRING is a static string.

APP_SK is an application session key and given as:

-   -   APP_SK=HASH(CS_1, APP_SK_STRING),    -   wherein HASH is a hashing function, such as SHA-2, and        APP_SK_STRING is a static string.

CS_1 is a first common secret and is given as:

-   -   CS_1=HASH(HASH(HD_KEY, HD_CHALLENGE_1), DH_SECRET),    -   wherein HASH is a hashing function, such as SHA-2, HD_KEY is a        hearing device key, HD_CHALLENGE_1 is the first hearing device        challenge value, and DH_SECRET is the common secret of the        Diffie-Hellman algorithm derived from the public keys of the        hearing device and the user application during key exchange        signalling 107. The two hashing functions used for determining        CS_1 may be the same or different hashing function.

HD_KEY is a hearing device key based on the hearing device identifierand given as:

-   -   HD_KEY=HASH(HD_ID, APP_KEY),    -   wherein HASH is a hashing function, HD_ID is the hearing device        identifier, and APP_KEY is keying material stored in the user        application.

The hearing device 8 receives the first authentication request 108 andverifies the first authentication data AD_1 by comparing AD_1 withauthentication data calculated in the hearing device. If the hearingdevice 8 successfully verifies the first authentication data, andoptionally the hearing device accepts the primary authentication typeindicated by the first authentication type identifier, the hearingdevice calculates an authentication key, stores the authentication keyin a temporary memory, transmits an authentication accept message 110and starts a timer.

Assuming the hearing device is rebooted before the timer reaches a timethreshold, the user application, after receipt of the authenticationaccept message, detects that the hearing device is visible again andtransmits a read message 112 to the hearing device for obtaining secondauthentication material. The hearing device generates a second hearingdevice challenge value HD_CHALLENGE_2, stores the second hearing devicechallenge value in the memory unit of the hearing device, and transmitsthe second authentication material 114 to the user application in a readresponse message 116 in response to receiving the read message 112 fromthe user application.

Upon receipt of the read response message 116, the user application 12determines second authentication data AD_2 and transmits a firstauthentication type identifier AUT_T_ID and the second authenticationdata AD_2 to the hearing device in a second authentication request 118.The first authentication type identifier AUT_T_ID is in secondauthentication request 118 indicative of a second message in a primaryauthentication type. The second authentication data AD_2 are given by:

-   -   AD_2=AES_COUNTER(APP_SK_2, APP_S_STRING),    -   wherein AES_COUNTER is encryption with AES in counter mode and        APP_S_STRING is a static string.

APP_SK_2 is a secondary application session key and given as:

-   -   APP_SK_2=HASH(CS_2, APP_SK_STRING),    -   wherein HASH is a hashing function, such as SHA-2, and        APP_SK_STRING is a static string.

CS_2 is a second common secret and is given as:

-   -   CS_2=HASH(HASH(HD_KEY, HD_CHALLENGE_2), AUTH_KEY),    -   wherein HASH, such as SHA-2, is a hashing function,        HD_CHALLENGE_2 is the second hearing device challenge value, and        AUTH_KEY is the authentication key given as:    -   AUTH_KEY=HASH(CS_1, AUTH_KEY_STRING).

HD_KEY is again a hearing device key based on the hearing deviceidentifier and given as:

-   -   HD_KEY=HASH(HD_ID, APP_KEY),    -   wherein HASH is a hashing function, such as SHA-2, HD_ID is the        hearing device identifier, and APP_KEY is keying material stored        in the user application. Again, the same or different hashing        functions may be used in different steps for determining the        secondary application session key.

The hearing device 8 receives the second authentication request 118 andverifies the second authentication request/second authentication dataAD_2 by comparing AD_2 with authentication data calculated in thehearing device. If the timer has reached a timer threshold, the hearingdevice deletes or overwrites the authentication key, thus preventingconnection using the authentication key at a later point in time.

If the hearing device 8 successfully verifies the second authenticationdata, the hearing device stores the authentication key from temporarymemory in authentication key storage in memory unit of the hearingdevice with an associated authentication key identifier, determineshearing device authentication data based on the second common secret,and transmits an authentication response 120 comprising hearing deviceauthentication data HD_AD and the authentication key identifierAUTH_KEY_ID to the user application 12.

The hearing device authentication data HD_AD is given as:

-   -   HD_AD=AES_COUNTER(HD_SK_2, HD_S_STRING),    -   wherein AES_COUNTER is encryption with AES in counter mode,        HD_SK_2 is the secondary hearing device session key based on the        second common secret CS_2, and HD_S_STRING is a static string.

The secondary hearing device session key HD_SK_2 is given as:

-   -   HD_SK_2=HASH(CS_2, HD_SK_STRING),    -   wherein HASH is a hashing function, such as SHA-2, CS_2 is the        second common secret and HD_SK_STRING is a static string.

Thus, the hearing device authentication data may be generated byencrypting a static string with the secondary hearing device session keybased on the second common secret.

The user application 12 receives the authentication response 120 andverifies the authentication response by verifying the hearing deviceauthentication data HD_AD by comparing HD_AD with authentication datacalculated in the user application based on the second common secret. Ifverifying the authentication response is successful, the userapplication calculates the authentication key AUTH_KEY (if notcalculated earlier) and stores the authentication key and theauthentication key identifier AUTH_KEY_ID from the authenticationresponse and connects by connection signalling 122 to the hearing deviceusing the authentication key AUTH_KEY and the authentication keyidentifier AUTH_KEY_ID.

FIG. 3 shows an exemplary signaling diagram 100A between a userapplication 12 and a hearing device 8 illustrating exemplary methods ofcreating a trusted bond between a hearing device and a user applicationaccording to a secondary authentication type.

The user application 12 obtains first authentication material includinga hearing device identifier HD_ID and a first hearing device challengevalue HD_CHALLENGE_1 by transmitting a read message 102 to the hearingdevice. The hearing device generates the first hearing device challengevalue, stores the first hearing device challenge value in the memoryunit of the hearing device, and transmits the first authenticationmaterial 104 to the user application in a read response message 106 inresponse to receiving the read message from the user application.

Further, the user application and the hearing device exchange publickeys for the Diffie-Hellmann algorithm by key exchange signalling 107.

The user application 12 obtains a passcode from a user of the userapplication by receiving the passcode via a user interface of a useraccessory device running the user application and creates firstauthentication request 108 including first authentication data based onthe passcode. The first authentication data AD_1 are given by:

-   -   AD_1=AES_COUNTER(APP_SK, APP_S_STRING),    -   wherein AES_COUNTER is encryption with AES in counter mode and        APP_S_STRING is a static string.

APP_SK is an application session key and given as:

-   -   APP_SK=HASH(CS_1, APP_SK_STRING),    -   wherein HASH is a hashing function, such as SHA-2, and        APP_SK_STRING is a static string.

CS_1 is a first common secret and is given as:

-   -   CS_1=HASH(HASH(HASH(HD_KEY, HD_CHALLENGE_1), PASSCODE_INFO),        DH_SECRET)    -   wherein HASH is a hashing function, such as SHA-2, HD_KEY is a        hearing device key based on the hearing device identifier,        HD_CHALLENGE_1 is the first hearing device challenge value,        PASSCODE_INFO is based on the passcode entered by the user, and        DH_SECRET is the common secret of the Diffie-Hellman algorithm        derived from the public keys of the hearing device and the user        application. The passcode info PASSCODE_INFO is given as:    -   PASSCODE_INFO=HASH(HD_ID, PASSCODE_STR),    -   wherein HASH is a hashing function, such as SHA-2, HD_ID is the        hearing device identifier, and PASSCODE_STR is a string of        characters with the passcode entered by the user.

HD_KEY is a hearing device key based on the hearing device identifierand given as:

-   -   HD_KEY=HASH(HD_ID, APP_KEY),    -   wherein HASH is a hashing function, such as SHA-2, HD_ID is the        hearing device identifier, and APP_KEY is keying material stored        in the user application. Again, the same or different hashing        functions may be used in different steps for determining the        secondary application session key and/or first common secret.

The hearing device 8 receives the first authentication request 108 andverifies the first authentication data AD_1 by comparing AD_1 withauthentication data calculated in the hearing device based on passcodeinfo stored in the memory unit of the hearing device, e.g. duringfitting or during hearing device update. If the hearing device 8successfully verifies the first authentication data, and optionally thehearing device accepts the secondary authentication type indicated bythe first authentication type identifier, the hearing device calculatesan authentication key, stores the authentication key with an associatedauthentication key identifier in the memory unit, determines hearingdevice authentication data, and transmits an authentication response 120comprising hearing device authentication data HD_AD and theauthentication key identifier AUTH_KEY_ID to the user application 12.

The hearing device authentication data HD_AD is given as:

-   -   HD_AD=AES_COUNTER(HD_SK, HD_S_STRING),    -   wherein AES_COUNTER is encryption with AES in counter mode,        HD_SK is the hearing device session key based on the first        common secret CS_1, and HD_S_STRING is a static string. Thus,        the hearing device authentication data may be generated by        encrypting a static string with the hearing device session key        based on the first common secret.

The user application 12 receives the authentication response 120 andverifies the authentication response by verifying the hearing deviceauthentication data HD_AD by comparing HD_AD with authentication datacalculated in the user application based on the first common secret. Ifverifying the authentication response is successful, the userapplication calculates the authentication key AUTH_KEY (if notcalculated earlier) and stores the authentication key and theauthentication key identifier AUTH_KEY_ID from the authenticationresponse and connects by connection signalling 122 to the hearing deviceusing the authentication key AUTH_KEY and the authentication keyidentifier AUTH_KEY_ID.

FIG. 4 illustrates an exemplary method performed in a user applicationof creating a trusted bond between a hearing device and the userapplication. The method 200 comprises obtaining 202 first authenticationmaterial, e.g. with obtain module 202 a, the first authenticationmaterial comprising a hearing device identifier and a first hearingdevice challenge value. The method 200 optionally comprises obtaining203 security data of the hearing device. e.g. with obtain module 202 a,the security data comprising a type identifier indicative of theauthentication to be applied in the user application, and a keyingmaterial identifier enabling the user application to verify if the userapplication supports communication to the hearing device. The method 200proceeds to determining 203A first authentication data and transmitting204 a first authentication request comprising a first authenticationtype identifier and the first authentication data, e.g. with transmitmodule 204 a, to the hearing device. Determining 203A firstauthentication data optionally comprises determining 203B a first commonsecret based on the first authentication material and optionallydetermining 203C the first authentication data based on the first commonsecret, e.g. as described in relation to FIG. 2. Determining 203A firstauthentication data optionally comprises determining 203D, e.g. as partof 203C, an application session key, e.g. based on the first commonsecret, and optionally calculating the first authentication data basedon the application session key. The first authentication requestcomprises the first authentication type identifier based on the securitydata obtained in 203.

The method 200 comprises receiving 206, e.g. with receive module 206 a,an authentication response comprising an authentication key identifierand storing 208 an authentication key and the authentication keyidentifier, e.g. with storing module 208 a, wherein the authenticationkey is based on the first authentication material. Further, the method200 comprises connecting 210 the user application to the hearing device,e.g. with connecting module 210 a, using the authentication key and theauthentication key identifier. The method 200 comprises calculating 211the authentication key based on the first authentication material, e.g.as part of 203A or 208. The method may comprise obtaining 226 a publickey of the hearing device. In one or more exemplary methods, obtaining apublic key of the hearing device may be performed before or afterobtaining 202 first authentication material. Determining 203A firstauthentication data may be based on public keys of the hearing deviceand the user application, e.g. using a Diffie-Helmann scheme asdescribed earlier.

FIG. 5 illustrates an exemplary method performed in a user applicationof creating a trusted bond between a hearing device and the userapplication. The method 200A comprises acts already described inconnection with FIG. 4 using the same reference numerals. The method200A optionally comprises verifying 212 the security data and/or thefirst authentication material, if not proceeding directly to 203A from202. If the security data and/or the first authentication material areverified, the method 200A proceeds to 203A shown and described in moredetail in FIG. 4 If verification 212 fails, the method 200A terminates214, e.g. including providing 214A an error message in the userapplication.

The method 200A optionally comprises verifying 216 the authenticationresponse, if not proceeding directly from 206 to 208. The acts ofstoring 208 authentication key and authentication key identifier and/orconnecting 210 the user application to the hearing device using theauthentication key and the authentication key identifier is performed ifverifying the authentication response is successful. Verifying theauthentication response is based on the first common secret and/thesecond common secret depending on authentication type.

FIG. 6 illustrates an exemplary method performed in a user applicationof creating a trusted bond between a hearing device and the userapplication. The security data obtained in 203 are indicative of aprimary authentication type and the user application operatesaccordingly. Step 203A is the same as described in relation to method200 of FIG. 4. The method 200B comprises receiving 218 an authenticationaccept message, e.g. authentication accept message 110. Theauthentication accept message is indicative of the hearing device havingaccepted the first authentication data/first authentication typeidentifier of the first authentication request, e.g. firstauthentication request 108. The method 200B proceeds to obtaining 220second authentication material comprising a second hearing devicechallenge value and/or the hearing device identifier, and determining222 second authentication data based on the second authenticationmaterial. Determining 222 second authentication data optionallycomprises determining 222A a second common secret based on the secondauthentication material and optionally determining 222B the secondauthentication data based on the second common secret, e.g. as describedin relation to FIG. 2. Determining 222 second authentication dataoptionally comprises determining 222C, e.g. as part of 222B, a secondaryapplication session key, e.g. based on the second common secret, andoptionally calculating the second authentication data based on thesecondary application session key. The method 200B comprisestransmitting 224 a second authentication request comprising a firstauthentication type identifier and the second authentication data to thehearing device, the first authentication type identifier beingindicative of a second authentication request for the primaryauthentication type. In the method 200B, verifying 216 theauthentication response is based on the second common secret.

FIG. 7 illustrates an exemplary method performed in a user applicationof creating a trusted bond between a hearing device and the userapplication. The security data obtained in 203 are indicative of asecondary authentication type and the user application operatesaccordingly. The method 200C comprises obtaining 224 a passcode from auser of the user application by receiving the passcode via a userinterface of a user accessory device running the user application.Determining 203A is based on the passcode entered by the user, anddetermining 211 the authentication key (see FIG. 4) is based on thepasscode. The method 200C comprises obtaining 226 a public key of thehearing device.

In step 203A of method 200C, the first authentication data AD_1 aregiven as:

-   -   AD_1=AES_COUNTER(APP_SK, APP_S_STRING),    -   wherein AES_COUNTER is encryption with AES in counter mode,        APP_SK is the application session key and APP_S_STRING is a        static string, and wherein the application session key APP_SK is        given as:    -   APP_SK=HASH(CS_1, APP_SK_STRING),    -   wherein HASH is a hashing function, CS_1 is the first common        secret and APP_SK_STRING is a static string.

The first common secret CS_1 is in exemplary method 200C given as:

-   -   CS_1=HASH(HASH(HASH(HD_KEY, HD_CHALLENGE_1), PASSCODE_INFO),        DH_SECRET)    -   wherein HASH is a hashing function, HD_KEY is a hearing device        key, e.g. based on the hearing device identifier, HD_CHALLENGE_1        is the first hearing device challenge value, PASSCODE_INFO is        based on the passcode entered by the user, and DH_SECRET is the        common secret of the Diffie-Hellman algorithm derived from the        public keys of the hearing device and the user application. The        passcode info PASSCODE_INFO is given as:    -   PASSCODE_INFO=HASH(HD_ID, PASSCODE_STR),    -   wherein HASH is a hashing function, HD_ID is the hearing device        identifier, and PASSCODE_STR is a string of characters with the        passcode entered by the user.

The hearing device key HD_KEY is given as:

-   -   HD_KEY=HASH(HD_ID, APP_KEY),    -   wherein HASH is a hashing function, HD_ID is the hearing device        identifier, and APP_KEY is keying material stored in the user        application. The hearing device key and the        PASSCODE_STR/PASSCODE_INFO is also found or stored in the        hearing device, thus enabling the hearing device to calculate        the first common secret and verify the first authentication        data.

FIG. 8 illustrates an exemplary method performed in a hearing device ofcreating a trusted bond between the hearing device and a userapplication. The method 300 comprises transmitting 302, e.g. withtransmit module 302 a, security data of the hearing device, wherein thesecurity data are indicative of an authentication type applied in thehearing device; transmitting 304, e.g. with transmit module 304 a, firstauthentication material comprising a hearing device and first hearingdevice challenge value; receiving 306, e.g. with receive module 306 a, afirst authentication request comprising a first authentication typeidentifier and first authentication data; verifying 308, e.g. withverification module 308 a, the first authentication data and/or firstauthentication type identifier; and determining and storing 310, e.g.with determine and store module 310 a, an authentication key ifverifying the first authentication data is successful 312. The method300 optionally comprises transmitting 314 a public key of the hearingdevice to the user application. If the hearing device performs a primaryauthentication, the authentication key in step 310 is stored in atemporary memory and the method 300 proceeds to transmitting 315 anauthentication accept message and starting 316 a timer. If the timertimes out in 318, i.e. the timer reaches a timer threshold, the methodproceeds to step 320 of deleting or overwriting the authentication keyin the temporary memory and aborting the creation of a trusted bondbetween the hearing device and the user application. Otherwise, themethod proceeds to determine 322 if a read message has been received. Ifread message has been received, the method 300 proceeds to transmitting324 second authentication material comprising a second hearing devicechallenge value and receiving 326 a second authentication requestcomprising a second authentication type identifier and secondauthentication data. The method 300 comprises verifying 328 the secondauthentication data based on the authentication key stored in thetemporary memory; and storing 329 the authentication key inauthentication key storage with associated authentication key identifierand generating and transmitting 330 an authentication responsecomprising an authentication key identifier indicative of theauthentication key in the hearing device, if verifying 328 the secondauthentication data is successful. Generating and transmitting anauthentication response comprises determining hearing deviceauthentication data, wherein the authentication response comprises thehearing device authentication data.

If the security data are indicative of a secondary authentication type,the method 300 proceeds to retrieving 332 a passcode from the memoryunit of the hearing device and verifying 334 the first authenticationdata based on the passcode. If the first authentication data are notverified in 334, the method 300 aborts the creation of a trusted bondbetween the hearing device and the user application. Further, the method300 comprises transmitting 336 an authentication response comprising anauthentication key identifier indicative of the authentication key inthe hearing device, if verifying the first authentication data issuccessful.

FIG. 9 shows an exemplary hearing device. The hearing device 8 comprisesa processing unit 350 including a transmit module 302 a, a transmitmodule 304 a, a receive module 306 a, a verification module 308 a, and adetermine and store module 310 a. Further, the hearing device comprisesa memory unit 352 and an interface 354,

-   -   wherein the hearing device 8 is configured to transmit first        authentication material, e.g. with transmit module 304 a;        receive a first authentication request comprising a first        authentication type identifier and first authentication data,        e.g. with receive module 306 a; verify the first authentication        data, e.g. with verification module 308 a; and determine and        store an authentication key, e.g. with determine and store        module 310 a, if verifying the first authentication data is        successful.

The hearing device 8 may be arranged to execute at least parts ofmethods as disclosed herein. The processing unit 350 may furthercomprise a number of optional functional modules, such as any of atransmit module 302 a configured to perform step 302, a transmit module304 a configured to perform step 304, a receive module 306 a configuredto perform step 306, verification module 308 a configured to performstep 308, and determine and store module 310 a configured to performstep 310. In general terms, each functional module may be implemented inhardware and/or in software.

The use of the terms “first”, “second”, “third” and “fourth”, etc. doesnot imply any order, but are included to identify individual elements.Moreover, the use of the terms first, second, etc. does not denote anyorder or importance, but rather the terms first, second, etc. are usedto distinguish one element from another. Note that the words first andsecond are used here and elsewhere for labelling purposes only and arenot intended to denote any specific spatial or temporal ordering.Furthermore, the labelling of a first element does not imply thepresence of a second element and vice versa.

Although features have been shown and described, it will be understoodthat they are not intended to limit the claimed invention, and it willbe made obvious to those skilled in the art that various changes andmodifications may be made without departing from the spirit and scope ofthe claimed invention. The specification and drawings are, accordinglyto be regarded in an illustrative rather than restrictive sense. Theclaimed invention is intended to cover all alternatives, modifications,and equivalents.

LIST OF REFERENCES

-   -   2 hearing system    -   4 server device    -   6 hearing device system    -   8 hearing device    -   10 user accessory device    -   12 user application    -   20 first communication link    -   22 second communication link    -   24 antenna    -   26 radio transceiver    -   28 first microphone    -   30 second microphone    -   32 processing unit    -   34 receiver    -   36 processing unit    -   38 memory unit    -   40 interface    -   100, 100A signalling diagram    -   102 read message    -   104 first authentication data    -   106 read response message    -   107 key exchange signalling    -   108 first authentication request    -   110 authentication accept message    -   112 read message    -   114 second authentication material    -   116 read response message    -   118 second authentication request    -   120 authentication response    -   122 connection signalling    -   200, 200A, 200B method of creating a trusted bond between        hearing device and user application    -   202 obtaining first authentication material    -   202 a obtain module    -   203 obtain security data    -   203A determining first authentication data    -   203B determining a first common secret    -   203C determining the first authentication data based on the        first common secret    -   203D determining an application session key and calculating the        first authentication data based on the application session key    -   204 transmitting first authentication request    -   204 a transmit module    -   206 receiving an authentication response    -   206 a receive module    -   208 storing an authentication key and the authentication key        identifier    -   208 a storing module    -   210 connecting the user application to the hearing device    -   211 calculating the authentication key    -   212 verifying security data and/or first authentication material    -   214 terminating    -   214A providing error message    -   216 verifying the authentication response    -   218 receiving an authentication accept message    -   220 obtaining second authentication material    -   222 determining second authentication data    -   222A determining a second common secret based on the second        authentication material    -   222B determining the second authentication data based on the        second common secret    -   222C determining a secondary application session key and        calculating the second authentication data based on the        secondary application session key    -   224 obtain passcode    -   226 obtain public key of the hearing device    -   300 Method performed in a hearing device of creating a trusted        bond between hearing device and user application    -   302 transmitting security data    -   302 a transmit module    -   304 transmitting first authentication material    -   304 a transmit module    -   306 receiving first authentication request    -   306 a receive module    -   308 verifying the first authentication data and/or first        authentication type identifier    -   308 a verification module    -   310 determining and storing authentication key    -   310 a determine and store module    -   312 verification ok?    -   314 transmitting public key of the hearing device    -   316 starting timer    -   318 timeout?    -   320 deleting or overwriting the authentication key in the        temporary memory    -   322 read message received?    -   324 transmitting second authentication material    -   326 receiving a second authentication request    -   328 verifying the second authentication data    -   329 storing the authentication key in authentication key storage    -   330 generating and transmitting an authentication response    -   332 retrieving a passcode from the memory unit of the hearing        device    -   334 verifying the first authentication data based on the        passcode    -   336 transmitting an authentication response    -   350 processing unit    -   352 memory unit    -   354 interface

1. A method of establishing a connection with a hearing device,comprising: obtaining first authentication material; transmitting afirst authentication request comprising a first authentication typeidentifier and first authentication data to the hearing device;receiving an authentication response comprising an authentication keyidentifier; storing an authentication key and the authentication keyidentifier, wherein the authentication key is based on the firstauthentication material; and establishing a connection with the hearingdevice using the authentication key and the authentication keyidentifier.
 2. The method according to claim 1, wherein the firstauthentication material comprises a hearing device identifier and afirst hearing device challenge value.
 3. The method according to claim1, further comprising determining a first common secret based on thefirst authentication material.
 4. The method according to claim 1,further comprising determining an application session key, andcalculating the first authentication data based on the applicationsession key.
 5. The method according to claim 1, further comprisingverifying the authentication response; wherein the act of storing theauthentication key and the authentication key identifier and/or the actof establishing the connection with the hearing device using theauthentication key and the authentication key identifier, is performedif the act of verifying the authentication response results in asuccessful verification.
 6. The method according to claim 1, furthercomprising calculating the authentication key based on the firstauthentication material.
 7. The method according to claim 1, furthercomprising obtaining security data from the hearing device, and whereinthe first authentication type identifier is based on the security data.8. The method according to claim 7, wherein if the security data isindicative of a primary authentication type, the method furthercomprises: receiving an authentication accept message; obtaining secondauthentication material comprising a hearing device challenge value;determining second authentication data based on the secondauthentication material; and transmitting a second authenticationrequest comprising a second authentication type identifier and thesecond authentication data to the hearing device.
 9. The methodaccording to claim 7, wherein if the security data is indicative of asecondary authentication type, the method further comprises obtaining apasscode, and creating the first authentication request based on thepasscode.
 10. The method according to claim 1, further comprisingobtaining a public key of the hearing device, and wherein theauthentication key is based on the public key of the hearing device. 11.A method performed by a hearing device, comprising: transmittingsecurity data of the hearing device, wherein the security data isindicative of an authentication type applied in the hearing device;transmitting first authentication material; receiving a firstauthentication request comprising a first authentication type identifierand first authentication data; verifying the first authentication data;and determining and storing an authentication key if the firstauthentication data is successfully verified.
 12. The method accordingto claim 11, wherein if the security data is indicative of a primaryauthentication type and if the first authentication data is successfullyverified, the method further comprises: transmitting an authenticationaccept message; transmitting second authentication material comprising asecond hearing device challenge value; receiving a second authenticationrequest comprising a second authentication type identifier and secondauthentication data; verifying the second authentication data; andtransmitting an authentication response comprising an authentication keyidentifier indicative of the authentication key in the hearing device ifthe second authentication data is successfully verified.
 13. The methodaccording to claim 11, wherein the method further comprises: starting atimer if the first authentication data is successfully verified; anddeleting or overwriting the authentication key if the timer reaches atimer threshold.
 14. The method according to claim 11, wherein if thesecurity data is indicative of a secondary authentication type, themethod further comprises: retrieving a passcode; wherein the firstauthentication data is verified based on the passcode.
 15. A programproduct having a set of instructions, an execution of which by aprocessing unit of a user accessory device will cause the user accessorydevice to perform a method, the method comprising: obtaining firstauthentication material; transmitting a first authentication requestcomprising a first authentication type identifier and firstauthentication data to a hearing device; receiving an authenticationresponse comprising an authentication key identifier; storing anauthentication key and the authentication key identifier, wherein theauthentication key is based on the first authentication material; andestablishing a connection with the hearing device using theauthentication key and the authentication key identifier.
 16. A hearingdevice comprising: a processing unit; and a memory unit coupled to theprocessing unit; wherein the processing unit of the hearing device isconfigured to: transmit first authentication material; receive a firstauthentication request comprising a first authentication type identifierand first authentication data; verify the first authentication data; anddetermine and store an authentication key if the first authenticationdata is successfully verified.